January 25, 2020

How To Fix ‘550 Permanent Failure For One Or More Recipients’

As a long term system administrator, we deliver technical help for customers round the clock. Since our support also includes helping customers with their email problems, so we solve many mail server related issues for our customers. One such issue our customers face is 550 permanent failure for one or more recipients. Today in this article we will see how we can debug and solve this issue. Recipient mail servers typically allow all the genuine emails, but due to various reasons an email can be flagged as spam and you might receive 550 permanent failure for one or more recipients as an error, thus email being rejected by the recipient mail server.

There are two main reasons as to why you are receiving this error:

  1. Something is wrong with the receiving end.
  2. Something is wrong on the sending end.

If doing this is too much for you, you can sign up with us and let our experts do this for you. Contact us to get started.

Other Similar Error Messages

Before diving into the solution, let see some other related error messages you might receive, such as:

  • 550 5.1.1 Sorry, no mailbox here by that name
  • 550 Requested action not taken: mailbox unavailable
  • 550 5.1.1 Is not a valid mailbox
  • 550 No such user here
  • 550 Invalid recipient
  • 550 Unknown address error ‘MAILBOX NOT FOUND’
  • 550 The email account that you tried to reach does not exist
  • 550 Recipient address rejected: User unknown in relay recipient table
  • 550 Address rejected
  • 554 delivery error: This user doesn’t have an account
  • 554 delivery error: Sorry your message to [email] cannot be delivered. This account has been disabled or discontinued
  • 550 permanent failure for one or more recipients
  • 550 User unknown

These messages usually mean something is wrong on the receiving end, but there is a high possibility that your email might be getting marked/flagged as spam (which is considered to be a problem from sending end)

Issues on the receiving end

Lets first discuss if there is an issue on the receiving end. Upon sending the email, you might have received following as a reply to your email:

This message was created automatically by mail delivery software.

A message that you sent could not be delivered to one or more of its recipients. 
This is a permanent error. The following address(es) failed:

[email protected]
host srv.mailer.com [168.xx.xx.xx]
SMTP error from remote mail server after end of data:
550 permanent failure for one or more recipients ([email protected]:blocked)

There are multiple reasons why receiving end blocked your email, for example:

1. Email address does not exist

Email address does not exist on the receiving end. In which case you might also get another similar error such as “550 #5.1.0 address rejected”. It is possible that you either mistyped the recipient email, or they have provided you with a wrong email address by mistake.

In this case, the solution is very simple, just make sure to use the right email. Contact your recipient through some other medium and ask them to provide you with a correct email address.

2. MX Record not configured correctly

MX record basically tells the world that for any domain such as cyberpersons.com mail server is 192.168.100.1. You can find MX record for any domain using this tool. Enter the domain and click on MX, you will find an address such as mail.cyberpersons.com. Enter this ( mail.cyberpersons.com ) address in the box again and click A record, and you will find an IP address of the email server for the domain.

However, it is the responsibility of the recipient server administrator to set up correct MX records, because if they have configured wrong records, you are then sending emails to the wrong email server, which is why your email is being rejected. You can contact and let them know if you suspect that their MX record is not configured correctly.

3. False Positive on recipient email server

Since email spam is very common, many email servers use spam filters and implement various security mechanisms to fight spam. Even though you were not sending any spam, it is possible that you got triggered on their spam filters and now further of your emails are being rejected.

You can use a telnet client to check if you can connect to their email server. Telnet using domain

telnet domain.com 25

Or first, you can find the IP address of the email server using this tool and then directly telnet to the mail server IP.

telnet 192.168.100.1 25

If telnet reports any problem, then you are most probably blocked by a recipient email server. We will now discuss various reasons on the sender end, to see if something is actually wrong on the sending side. Later we will discuss how you can fix that.

If doing this is too much for you, you can sign up with us and let our experts do this for you. Contact us to get started.

Issues on the sender end

Usually if there an issue on the sending side it is either related to improper verification or your email content hit their spam filter. Following are the major issues that could happen on the sender side:

  1. Sending server IP blacklisted.
  2. Sender server issues.
    1. SPF Record not configured properly.
    2. Failed DKIM Verification.
    3. No DMARC Record.

 

1. Sending Server IP blacklisted

 

Spam monitoring companies who keep an eye on servers which constantly send spam emails. Those companies maintain the list of servers involved in spam mailing. To fight against the spam, the majority of mail servers block the mail coming from a blacklisted mail server. So if you are facing 550 error you have to check whether your IP is listed on these blacklists.

You can check your IP against various block lists through this tool. If your IP is listed on any of the blacklists, there are very rare chances that your email will go through. If you are on a shared service, it is possible that someone else is sending spam emails due to which your IP got blacked listed. However, if you are on a VPS, either your VPS got hacked and being used to send spam emails or someone sent spam emails using this IP before you.

Interesting similar read -> Email Blacklist Removal

Bottom line:

Spam is a very serious problem. Purpose of blacklisting is to reduce the spam in the mailbox of the customer.

 

2. Sender Server issues

 

Let’s evaluate some error messages you see when your mail server is misconfigured or your email server is a source of the spam mailing and sees how ‘550 permanent failure for one or more recipients’ occurred by sender server issues?

So if you want your emails not to be triggered as spam make sure that your SPF record is configured correctly or not missing and your RDNS record is configured in the right way. If your RDNS is not set you have to contact your VPS provider and request them to configure it.

 

Verify SPF, DKIM, DMARC, and RDNS for your Sending Domain

 

These days a lot of spamming is going on. Many people use email spam to do credit card and bank fraud, the question is how they do it? Most of the time people impersonate to be the owner of the domain and send email through a domain they don’t own. For example, they can configure their email software to send email from hello [a] cyberpersons [dot] com even if they don’t own the domain.

However now there are various ways to counter this issue, there are certain TXT DNS records (SPF, DKIM, DMARC) that you can publish. This way receiving end can make sure that your email server is authorized to send an email for cyberpersons.org. We will discuss those records one by one.

 

SPF or Sender Policy Framework (What is an SPF Record)

 

SPF is a simple DNS TXT record. It basically lists IP Addresses of the server(s) authorized to send emails on behalf of a said domain. An example of SPF TXT record is

 

v=spf1 a mx ip4:192.168.100.1 ~all

 

In this example, you are allowing IP Address 192.168.100.1 to send an email on behalf of your domain, so if someone tries to impersonate your domain and this record does not exist, their emails won’t deliver and they may face with 550 Permanent Failure For One Or More Recipients error. Thus this record is very important if you want to make sure that emails are delivered properly. Many mail server uses a security feature called SPF (Security Policy Farmwork) to ensure the authenticity of the mail sender and when you send emails from your mails server that are not mentioned in SPF record of your domain, the recipient mail server considers it as a fraud and won’t allow delivering the email.

 

DKIM or Domain Keys Identified Mail (What is an SPF Record)

 

DKIM is a little tricky, however, it is also published as a DNS TXT record for the domain. It is a mechanism that allows the receiving end to check that an email was actually sent and authorized by the owner of the domain, thus another level of protection on top of SPF. If receiving end can make sure that email is signed with a valid DKIM signature, it guarantees that parts of emails have not tampered and the original message is received.

So it is highly recommended to use DKIM record along with SPF to improve email deliverability and at the same time prevent any spam that can originate from your domain.

 

RDNS Record

 

RDNS is a reverse DNS record which means IP address to domain mapping, usually, DNS is about Domain to IP Address mapping but RDNS is reverse of it. RDNS record is very important in email delivery. This record is set by the owner of the IP, in this case, your cloud provider or if you are our customer we can set this record for you. We will also help you to set all the remaining records too and make sure your server is ready to deliver emails properly.

 

Verify if above mention records are set

 

Let’s check if our domain is vulnerable or not, or if there is any misconfiguration. Go to this (G Suite Toolbox ) enter your domain name and get all the TXT record for your domain. Look for SPF record, shows like this v=spf1. Then in TXT look for DMARC 1 which begins with v=DMARC1 at the subdomain _dmarc (_dmarc.xyz.com)

If the SPF-record ends with “-all” that is enough. If it instead ends with “+all” or “~all” the DMARC-record needs to have “p=reject” or “p=quarantine“. In any other case, it would be considered insufficient.

The SPF-record should exist on all subdomains as well, while DMARC is only on the main domain. If you want to set SPF, DKIM, and DMARC policy in CyberPanel, please refer to this link -> https://blog.cyberpanel.net/2018/05/15/achieve-10-10-email-score-with-cyberpanel/

In short, make sure you have the following records set, so the receiving end can make sure that you are the actual owner of the domain email is being sent from, otherwise, the receiving end may think that you are using someone else domain to send spam email.

  1. Valid RDNS record. (If you are our customer, you can contact us to have it set up).
  2. Proper SPF record.
  3. Sign your messages with DKIM.
  4. Have a DMARC policy.

If doing this is too much for you, you can sign up with us and let our experts do this for you. Contact us to get started.

autologin
1
Tags :

1 thought on “How To Fix ‘550 Permanent Failure For One Or More Recipients’

Leave a Reply

Your email address will not be published. Required fields are marked *

Archives

Categories

Recent Posts

Recent Comments